New Locky using WSF spotted in Brazilian underground

This type of file allows attackers to combine multiple scripting languages within a single file.

A new variant of Locky ransomware uses Windows Scripting Files (WSF) as a downloader, Trend Micro researchers observed.

This type of file allows attackers to combine multiple scripting languages within a single file. Its use also allows the threat to bypass security measures, including sandbox analysis, because the files aren't on the list of files typically used for malicious activity, according to an Aug. 14 blog post.

Furthermore, the ransomware downloaded by these WSF files has different hashes, which makes detecting it via blacklisting even more difficult, the blog said.

The samples analyzed by the researchers had the properties of a “Yahoo Widget” in an effort to pass them off as legitimate.

Researchers spotted the new variant in the Brazilian underground market and believe it targets companies through spam emails with malicious .ZIP attachments that contain the ransomware.
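Because the downloaded payloads change hash from sample to sample, a mail filter can instead key on the delivery format described above: a script file inside a .ZIP attachment. The following is an added example, not code from the article or from Trend Micro. It covers other Windows script extensions as well as .wsf, and the extension list, function names and sample archive are assumptions constructed for illustration.

```python
import io
import os
import re
import zipfile

# Script extensions to flag; this list is an assumption of the example.
SCRIPT_EXTS = {".wsf", ".js", ".jse", ".vbs", ".vbe"}
# Matches the language attribute of <script> elements in a WSF job.
SCRIPT_TAG = re.compile(rb"<script\b[^>]*?\blanguage\s*=\s*[\"']?([\w.]+)", re.I)

def wsf_languages(data: bytes) -> list:
    """Return the sorted script languages declared in a WSF document."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):  # UTF-16 BOM: normalise first
        data = data.decode("utf-16", "replace").encode("utf-8")
    return sorted({m.decode().lower() for m in SCRIPT_TAG.findall(data)})

def scan_zip_attachment(blob: bytes) -> list:
    """Report script members of a ZIP attachment and the languages they declare."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return [{"name": None, "languages": [], "reason": "unreadable archive"}]
    findings = []
    with archive:
        for info in archive.infolist():
            # Strip trailing dots/spaces, which Windows ignores in file names.
            ext = os.path.splitext(info.filename.rstrip(". "))[1].lower()
            if ext not in SCRIPT_EXTS:
                continue
            entry = {"name": info.filename, "languages": [], "reason": "script in archive"}
            if info.flag_bits & 0x1:  # encrypted member: content cannot be inspected
                entry["reason"] = "encrypted script in archive"
            elif ext == ".wsf":
                entry["languages"] = wsf_languages(archive.read(info))
                if len(entry["languages"]) > 1:
                    entry["reason"] = "WSF combining several script languages"
            findings.append(entry)
    return findings

def constructed_sample() -> bytes:
    """Build a harmless ZIP in memory (constructed data, not a real sample)."""
    wsf = (b'<job id="demo"><script language="VBScript">x = 1</script>'
           b'<script language="JScript">var y = 2;</script></job>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("invoice.wsf", wsf)
        z.writestr("readme.txt", b"constructed sample")
    return buf.getvalue()
```

Calling `scan_zip_attachment(constructed_sample())` returns one finding for `invoice.wsf` and ignores the text file; a gateway would quarantine or strip any attachment that yields a finding.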
